An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags

G. Di Tizio; F. Massacci; L. Allodi; S. Dashevskyi; J. Mirkovic

doi:10.1109/EuroSPW51379.2020.00016

An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags

G. Di Tizio, F. Massacci, L. Allodi, S. Dashevskyi, J. Mirkovic

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

20 Downloads (Pure)

Abstract

Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.

Original language	English
Title of host publication	5th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Subtitle of host publication	[Proceedings]
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	56-65
Number of pages	10
ISBN (Electronic)	9781728185972
ISBN (Print)	9781728185989
DOIs	https://doi.org/10.1109/EuroSPW51379.2020.00016
Publication status	Published - 2020
Event	5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 - Virtual, Genoa, Italy Duration: 7 Sept 2020 → 11 Sept 2020

Conference

Conference	5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
Country/Territory	Italy
City	Virtual, Genoa
Period	7/09/20 → 11/09/20

Funding

This research has been partly funded by the EU under the H2020 Programs H2020-EU.2.1.1-CyberSec4Europe (Grant No. 830929)

Funders	Funder number
European Commission	830929
European Commission

Access to Document

10.1109/EuroSPW51379.2020.00016

An_Experimental_Approach_for_Estimating_Cyber_Risk_a_Proposal_Building_upon_Cyber_Ranges_and_Capture_the_FlagsFinal published version, 158 KBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

Di Tizio, G., Massacci, F., Allodi, L., Dashevskyi, S., & Mirkovic, J. (2020). An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags. In 5th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): [Proceedings] (pp. 56-65). Article 9229652 Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/EuroSPW51379.2020.00016

@inproceedings{3e99b3bdf15446568d06df7a11293b8b,

title = "An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags",

abstract = "Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.",

author = "{Di Tizio}, G. and F. Massacci and L. Allodi and S. Dashevskyi and J. Mirkovic",

year = "2020",

doi = "10.1109/EuroSPW51379.2020.00016",

language = "English",

isbn = "9781728185989",

pages = "56--65",

booktitle = "5th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 ; Conference date: 07-09-2020 Through 11-09-2020",

}

Di Tizio, G, Massacci, F, Allodi, L, Dashevskyi, S & Mirkovic, J 2020, An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags. in 5th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): [Proceedings]., 9229652, Institute of Electrical and Electronics Engineers Inc., pp. 56-65, 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020, Virtual, Genoa, Italy, 7/09/20. https://doi.org/10.1109/EuroSPW51379.2020.00016

An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags. / Di Tizio, G.; Massacci, F.; Allodi, L. et al.
5th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): [Proceedings]. Institute of Electrical and Electronics Engineers Inc., 2020. p. 56-65 9229652.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - An Experimental Approach for Estimating Cyber Risk

T2 - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

AU - Di Tizio, G.

AU - Massacci, F.

AU - Allodi, L.

AU - Dashevskyi, S.

AU - Mirkovic, J.

PY - 2020

Y1 - 2020

N2 - Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.

AB - Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.

U2 - 10.1109/EuroSPW51379.2020.00016

DO - 10.1109/EuroSPW51379.2020.00016

M3 - Conference contribution

SN - 9781728185989

SP - 56

EP - 65

BT - 5th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 7 September 2020 through 11 September 2020

ER -

Di Tizio G, Massacci F, Allodi L, Dashevskyi S, Mirkovic J. An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags. In 5th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): [Proceedings]. Institute of Electrical and Electronics Engineers Inc. 2020. p. 56-65. 9229652 Epub 2020 Oct 22. doi: 10.1109/EuroSPW51379.2020.00016

An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags

Abstract

Conference

Funding

Access to Document

Persistent URL (handle)

Fingerprint

Cite this